TikTok has a plan to avoid getting banned in the US (appleinsider.com)
7 points by elorant on March 23, 2023 | 4 comments



Legislators here are unsurprisingly really dumb.

The CCP can just make their own bulk copy of data covertly using botnets posing as users, as is tradition.

Also all the GPS logging metadata and behavioral training data any adversary could ever want are there for the scraping too with any number of potential exploits.

More than that though, companies like Oracle have never done any published work on supply chain attacks to my knowledge and stopping them is really hard. Are they reviewing all the hundreds of third-party dependencies too? Doubtful. Even if they are, you can review source code all day long but that will not stop a few bits being shifted at compile time to make the randomness in the TLS connections not so random, and easier to sniff for a party in the know. You could even shift them at runtime if you happen to be in charge of CPU manufacturing for most phones, which the CCP is.

The CCP has demonstrated itself to be quite sophisticated with supply chain attacks.

Nothing short of fully open sourcing TikTok and offering reproducible builds can even begin to protect users from covert surveillance and manipulation by a central party.


Shou is either:

A) Deliberately lying about CCP access to data

B) Using careful wording to not technically be lying, but is nonetheless misrepresenting the situation.

C) Is out of the loop deliberately or otherwise and these things are happening without his specific knowledge.

We already know they used the app to spy on journalists with Forbes that were investigating their company but blamed lower level people inside the company as responsible.

So sure, maybe he is telling the truth that the Chinese government has never requested any user data. Maybe they don't need to request data because everything is already being mirrored to CCP data centers. Maybe they never see the user data but work with a go-between inside Bytedance who essentially is responsible for doing the work for them.

But probably he is just lying.


You know what is better than a ban? A giant multi-billion dollar fine.

Given that many big tech companies have been found to violate and abuse the user's privacy, especially US users, it only makes sense that, in order for TikTok to remain operating in the US, they should just pay a massive billion dollar fine to stay and continue their tracking ways until they stop or reduce it.

Sounds like a win-win-win for the US government / regulators, TikTok and US users.


It would be a win-win for the government, not US users. The only way everyone wins is if it's removed from civilization completely.



